Philip Craig of SnapGear has posted his correction of
the existing PPTP connection tracking netfilter patch. See
for the latest to date patch and
for his explanation of the problem.
I attached the "cumulative" patch against the pristine
Linux 2.4.20 kernel that will add the PPTP connection
tracking modules necessary on the client-side firewall
when internal machines connect to the same external server.
Note that your PPTP server will have to generate
different Call ID numbers in order for the PPTP modules
on the client firewall to identify different workstations'
tunnels. See the poptop patch in the bug report 648880:
I think that no PPTP tracking is required when clients
connect to different external servers because TCP and
GRE replies will carry different source IP addresses
and this will allow netfilter to identify appropriate
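The Call ID requirement described in the comment above, as an added example that is not part of the original post or of the netfilter patch: GRE has no ports, so tunnels from several internal machines to one server can only be told apart by the Call ID in the enhanced GRE header (RFC 2637). The table, function names and addresses are hypothetical, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define GRE_PROTO_PPP 0x880B  /* protocol type of PPTP's enhanced GRE */
#define MAX_TUNNELS 8

/* Hypothetical tracking entry: which internal client owns a tunnel. */
struct tunnel { uint32_t server; uint16_t call_id; uint32_t client; };
static struct tunnel table[MAX_TUNNELS];
static size_t ntunnels;
/* Constructed sample: K and S bits set, version 1, Call ID 0x0011, seq 1. */
static const uint8_t sample_pkt[] = {
    0x30, 0x01, 0x88, 0x0B, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x01 };

/* Return the Call ID of an enhanced GRE (RFC 2637) header, or -1. */
int gre_call_id(const uint8_t *p, size_t len)
{
    if (len < 8 || !(p[0] & 0x20) || (p[1] & 0x07) != 1 ||
        ((p[2] << 8) | p[3]) != GRE_PROTO_PPP)
        return -1;                      /* short, no key, wrong version/type */
    return (p[6] << 8) | p[7];          /* low 16 bits of the key field */
}

/* Record a tunnel; -1 if (server, call_id) is already taken or table full. */
int track_tunnel(uint32_t server, uint16_t call_id, uint32_t client)
{
    for (size_t i = 0; i < ntunnels; i++)
        if (table[i].server == server && table[i].call_id == call_id)
            return -1;                  /* two tunnels would be indistinguishable */
    if (ntunnels == MAX_TUNNELS)
        return -1;
    table[ntunnels++] = (struct tunnel){ server, call_id, client };
    return 0;
}

/* Map a GRE packet of a tunnel to `server` to its internal client; 0 if none. */
uint32_t demux(uint32_t server, const uint8_t *pkt, size_t len)
{
    int id = gre_call_id(pkt, len);
    for (size_t i = 0; id >= 0 && i < ntunnels; i++)
        if (table[i].server == server && table[i].call_id == (uint16_t)id)
            return table[i].client;
    return 0;
}

int main(void)
{
    track_tunnel(0xC0000201, 0x0011, 0x0A000002); /* 192.0.2.1 <- 10.0.0.2 */
    printf("owner: %08x\n", (unsigned)demux(0xC0000201, sample_pkt, sizeof sample_pkt));
}
```

A second tunnel to the same server with the same Call ID is rejected by `track_tunnel`, while the same Call ID toward a different server address is accepted because the server IP already separates the entries.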